For a class $\mathfrak{L}$ of languages let PDL[$\mathfrak{L}$] be an extension of Propositional Dynamic Logic which allows
programs to be in a language of $\mathfrak{L}$ rather than just to be regular. If $\mathfrak{L}$ contains a non-regular language,
PDL[$\mathfrak{L}$] can express non-regular properties, in contrast to pure PDL.

For regular, visibly pushdown and deterministic context-free languages, the separation of the 
respective PDLs can be proven by automata-theoretic techniques. However, these techniques introduce 
non-determinism on the automata side. As non-determinism is also the difference between DCFL and 
CFL, these techniques seem to be inappropriate to separate PDL[DCFL] from PDL[CFL]. Nevertheless, 
this separation is shown but for programs without test operators. 



1 Introduction 

Propositional Dynamic Logic (PDL) [9] is a logical formalism to specify and verify programs [12, 16, 11].
These tasks rely on the satisfiability and model-checking problems. Applications in the field are supported
by their relatively low complexities: EXPTIME- and PTIME-complete, respectively [9].

Formulas in PDL are interpreted over labeled transition systems. For instance, the formula $\langle p\rangle\varphi$ means
that after executing the program $p$ the formula $\varphi$ shall hold. In this context, programs and formulas are
defined mutually inductively. This mixture allows programs to test whether or not a formula holds at the
current state. Additionally, programs are required to be regular over the set of atomic programs and test
operations. For instance, the program while (b) do p; can be rendered as $\langle (b?;p)^*;\neg b\rangle\varphi$ to ensure
that the loop is finite and that $\varphi$ holds when the loop terminates [9].

The small model property of PDL [9] cuts both ways. First, it admits a decision procedure for
satisfiability, but secondly it restricts the expressivity to regular properties. As a consequence counting 
properties and, in particular, the nature of execution stacks cannot be expressed. The last consequence 
runs contrary to the verification of recursive programs. 

A natural way to enhance the expressivity is to relax the regularity requirement. For a class $\mathfrak{L}$ of
languages let PDL[$\mathfrak{L}$] denote the variation which requires that any program belongs to $\mathfrak{L}$. For instance,
we write a diamond as $\langle L\rangle\varphi$ for $L \in \mathfrak{L}$. This leads to a hierarchy of logics. Obviously, PDL[$\mathfrak{L}$] $\le$ PDL[$\mathfrak{M}$]
holds for $\mathfrak{L} \subseteq \mathfrak{M}$. Besides regular languages, we consider the variations for the class of visibly pushdown
• For any state $q$, at most one of $\delta(q,a,X)$ (for $a \in \Sigma$), $\delta(q,\varepsilon,X)$ and $\delta(q,\varphi?,X)$ (for some PDL[$\mathfrak{L}$]-formula $\varphi$) is not empty.

• For any state $q$ and two distinct PDL[$\mathfrak{L}$]-formulas $\varphi_1$ and $\varphi_2$, we have that if $\delta(q,\varphi_1?,X) \neq \emptyset$ and $\delta(q,\varphi_2?,X) \neq \emptyset$ then $\varphi_1$
and $\varphi_2$ are semantically disjoint, that is $\models \neg(\varphi_1 \wedge \varphi_2)$.

Otherwise, it would be possible to simulate a non-deterministic choice by inserting a test for "true" for every possible choice and 
vary each test syntactically in a different way. Note that "true" has infinitely many synonyms. A non-example is APDL ? [CFL] = 
APDL ? [DCFL] in 0. 
languages | Q, VPL, the class of deterministic context-free languages, DCFL, and context-free languages,
CFL. The inclusion order continues on the logics' side.

$$\mathrm{PDL} = \mathrm{PDL}[\mathrm{REG}] \le \mathrm{PDL}[\mathrm{VPL}] \le \mathrm{PDL}[\mathrm{DCFL}] \le \mathrm{PDL}[\mathrm{CFL}]. \tag{1}$$

Harel et al. discussed the effect of adding single (deterministic) context-free programs to PDL [13, 14, 12].
The logic PDL[VPL] was introduced by Löding et al. [11].

To handle the respective decision problems, the languages are represented by a machine model for the
respective class. For each of these logics, any of its formulas $\varphi$ can be translated into an $\omega$-tree-automaton
which recognizes exactly all tree-like models of $\varphi$ where the out-degree of any node is globally bounded.
Such a model exists iff $\varphi$ is satisfiable. For PDL and PDL[REG] these tree-automata are finite-state [23],
for PDL[VPL] they are visibly pushdown tree-automata OH [T3 and for PDL[DCFL] and PDL[CFL] they
are tree-automata with unbounded number of stacks. The last notion is rather artificial. However, the
stacks are used, first, to accumulate unfulfilled eventualities and to simulate the complementation of
programs given as pushdown automata. Note that in the setting of visibly pushdown automata, only one
stack suffices as $\omega$-VPLs are closed under complementation [1] and under determinisation (for stair-parity
conditions) [18].

The first two inequalities in (1) are strict. In this paragraph we sketch the proofs for the first two
inequalities. Consider the language $L := \{c^n r^n \mid n \in \mathbb{N}\}$ over an alphabet $\Sigma \ni c, r$. Hence, we have
$L \in \mathrm{VPL}$ if we take $c$ for a call and $r$ for a return in a visibly pushdown alphabet for $\Sigma$. Now, we claim that
$\vartheta := \langle L\rangle p$ is not expressible in PDL[REG] where $p$ is a proposition. For the sake of contradiction, assume
that there were such a formula. Restricted to linear models, the previous translation leads to a finite-state
Büchi-automaton $\mathcal{A}$ which recognizes those models. Let $N$ be sufficiently large — which depends on the
pumping length and the, here omitted, encoding. Consider the following model of $\vartheta$ for $N' = N$.

[Figure: a linear model; its two segments are annotated "$N'$ times" and "$N$ times".]


As $\mathcal{A}$ accepts this model, it also accepts this transition system for $N' < N$ due to the pumping lemma.
However, this structure is not a model of $\vartheta$. The separation of PDL[VPL] and PDL[DCFL] can be achieved
in similar fashion. Take as program L:={w(jw R | w 6 (£\ {ft})*} £ DCFL over an alphabet E 3 (J. For any 
visibly pushdown alphabet for $\Sigma$ its return-part is not empty in general. Using such a letter for the $w$-part
in $L$, an assumed visibly pushdown automaton for $\langle L\rangle p$ operates on that part like a finite-state automaton.
The same argumentation applies as for the first separation. 

The separation for the last inequality in (1) is more cumbersome and intrinsic: For the satisfiability
problem, the emptiness problem for finite-state and for visibly pushdown tree-automata is decidable
[19, 23, 22, 18]. The emptiness problem for the tree-automata with an unbounded number of stacks can be
considered as the halting problem for Büchi-Turing machines GUI . Indeed, the satisfiability problems for
PDL[DCFL] and PDL[CFL] are $\Sigma^1_1$-complete [13]. Hence, both logics are not distinct by a "trivial" reason.

The standard translation [23, 14, 11] from formulas to tree-automata is based on Hintikka-sets. For a
fixed formula $\vartheta$ and for every node of the given transition system the automaton for $\vartheta$ guesses — among
other things — the set of those subformulas of $\vartheta$ which hold at that node. Informally speaking, the
non-determinism is required to handle disjunctions in the given formula and to recognize the termination
of a program in an expression such as $\langle L\rangle\varphi$. Note that a language in DCFL might not be prefix-free.
However, non-determinism is also the difference between DCFL and CFL. Hence, the translation seems not
to suffice to separate PDL[DCFL] from PDL[CFL].
In this paper we make a step towards the separation of PDL[CFL] from PDL[DCFL]. For technical
reasons we consider PDL[$\mathfrak{L}$] without the test operations like $\varphi?$ — call the logic PDL$_0$[$\mathfrak{L}$] — and prove the
separation of the corresponding logics. This restriction is proper as PDL$_0$ is weaker than PDL [3]. Note that
PDL[$\mathfrak{L}$] is exactly the EF/AG-fragment of CTL[$\mathfrak{L}$] EJO. This logic is obtained from CTL by restricting the
moments of until- and release-operations by languages in $\mathfrak{L}$. The separation of CTL[DCFL] and CTL[CFL]
is unknown as well.



2 Preliminaries 

Let $\Sigma$ be an alphabet. For a finite word $w \in \Sigma^*$ we write $|w|$ for its length and $w[i\,..\,j]$ for its subword
starting at index $i$ and ending at index $j$ where $0 \le i \le j < |w|$. Both indices are zero-based. For words
$u, v \in \Sigma^* \cup \Sigma^\omega$ their concatenation is written as $uv$ and the reversal of $u$ as $u^R$. Concatenation is extended
to sets in the usual way. The empty word is denoted by $\varepsilon$. A word $u \in \Sigma^* \cup \Sigma^\omega$ is a (proper) prefix of
$w \in \Sigma^* \cup \Sigma^\omega$ iff there is $v \in \Sigma^* \cup \Sigma^\omega$ such that $uv = w$ (and $v \neq \varepsilon$). The notion of a suffix is defined
similarly. For two languages $L_1$ and $L_2$ their left quotient $L_1 \backslash L_2$ is $\{v \mid \exists u \in L_1.\ uv \in L_2\}$. If one of both
languages is a singleton we may replace the language by its single word. Standard notations are used lfT31l
for (deterministic) pushdown automata on finite words, DPDA and PDA, and (deterministic) context-free
languages. Deterministic pushdown automata on $\omega$-words, $\omega$DPDA, are equipped with Büchi-acceptance
conditions EDI .

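Let $\mathrm{Prop} = \{p, q, \dots\}$ be a set of propositions. A labeled transition system, LTS, is a triple
$\mathcal{T} = (\mathcal{S}, \to, \ell)$ consisting of a set of states $\mathcal{S}$, of a labeled edge relation ${\to} \subseteq \mathcal{S} \times \Sigma \times \mathcal{S}$ and of an
evaluation function $\ell : \mathcal{S} \to 2^{\mathrm{Prop}}$. We write $s \xrightarrow{a} t$ instead of $(s,a,t) \in {\to}$. A path is a sequence
$s_0, a_0, s_1, a_1, \dots, a_{n-1}, s_n$ for some $n \in \mathbb{N}$ such that $s_i \xrightarrow{a_i} s_{i+1}$ for all $i \in \{0, \dots, n-1\}$. For such a path we
may write $s_0 \xrightarrow{a_0} s_1 \cdots \xrightarrow{a_{n-1}} s_n$. A structure is a pair $\mathcal{M} = (\mathcal{T}, s)$ of an LTS and a state in it, called
root. Previous notations for LTSs are also used for structures. A structure $\mathcal{M}' = ((\mathcal{S}', \to', \ell'), s')$ is an
extension of $\mathcal{M}$, written as $\mathcal{M} \le \mathcal{M}'$, iff $\mathcal{S} \subseteq \mathcal{S}'$, ${\to} \subseteq {\to'}$, $\ell$ is the restriction of $\ell'$ to $\mathcal{S}$, and $s = s'$.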

Let $\mathfrak{L}$ be a class of languages. We define the logic PDL$_0$[$\mathfrak{L}$] in negation normal form using a CTL-like
syntax — that is, $\mathsf{EF}^L\varphi$ stands for the PDL-expression $\langle L\rangle\varphi$ for instance. The formulas are given by the
grammar

$$\varphi ::= \mathtt{ff} \mid \mathtt{tt} \mid p \mid \neg p \mid \varphi \vee \varphi \mid \varphi \wedge \varphi \mid \mathsf{EF}^L\varphi \mid \mathsf{AG}^L\varphi$$

where $p \in \mathrm{Prop}$ and $L \in \mathfrak{L}$. Such formulas are denoted by $\varphi$, $\psi$, $\vartheta$, and $\delta$. The atoms ff and tt are called
constants, and $p$ and $\neg p$ are called literals. Implication and equivalence are definable. A formula $\mathsf{EF}^L\varphi$
is called EF-formula. An AG-formula is meant analogously. A formula is interpreted over a structure as
follows.

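$\mathcal{T}, s \not\models \mathtt{ff}$

$\mathcal{T}, s \models \mathtt{tt}$

$\mathcal{T}, s \models p$ iff $p \in \ell(s)$

$\mathcal{T}, s \models \neg p$ iff $p \notin \ell(s)$

$\mathcal{T}, s \models \varphi_1 \vee \varphi_2$ iff $\mathcal{T}, s \models \varphi_1$ or $\mathcal{T}, s \models \varphi_2$

$\mathcal{T}, s \models \varphi_1 \wedge \varphi_2$ iff $\mathcal{T}, s \models \varphi_1$ and $\mathcal{T}, s \models \varphi_2$

$\mathcal{T}, s \models \mathsf{EF}^L\varphi$ iff there is a path $s_0 \xrightarrow{a_0} s_1 \cdots \xrightarrow{a_{n-1}} s_n$ with $s = s_0$, $a_0 \cdots a_{n-1} \in L$ and $\mathcal{T}, s_n \models \varphi$

$\mathcal{T}, s \models \mathsf{AG}^L\varphi$ iff for all paths $s_0 \xrightarrow{a_0} s_1 \cdots \xrightarrow{a_{n-1}} s_n$ with $s = s_0$ and $a_0 \cdots a_{n-1} \in L$: $\mathcal{T}, s_n \models \varphi$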

If $\mathcal{T}, s \models \varphi$ then the structure is a model of $\varphi$. A structure is tree-like iff $\mathcal{T}$ forms a tree
with root $s$. Since PDL$_0$[$\mathfrak{L}$] is closed under bisimulation, every satisfiable formula has a tree-like structure
as a model. A formula $\varphi$ is a tautology, written as $\models \varphi$, iff every structure is a model of $\varphi$.
3 Outline of the Proof

For the following parts, fix an alphabet $\Sigma$ which at least contains 0 and 1 but not \$, and set $\Sigma_\$ := \Sigma \cup \{\$\}$.
The language of palindromes is denoted by $\mathrm{Palindromes} := \{w \in \Sigma^* \mid w = w^R\}$. We will show that there
is no PDL[DCFL]-formula which is equivalent to the reference PDL[CFL]-formula $\mathsf{EF}^{\mathrm{Palindromes}\$}\,\mathtt{tt}$. As
the reference formula does not contain propositions we may assume that neither does any equivalent
formula. Equivalently, we may assume that $\mathrm{Prop} = \emptyset$.

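For the sake of contradiction, let $\vartheta \in$ PDL$_0$[DCFL] be a candidate formula which is assumed to be
equivalent to $\mathsf{EF}^{\mathrm{Palindromes}\$}\,\mathtt{tt}$. To illustrate the main problem about provoking a contradiction, we begin
with a simpler setting in which $\vartheta$ does not contain any conjunctions or AG-formulas. As we have the
equivalences

$$\mathsf{EF}^{L}\,\mathtt{ff} \leftrightarrow \mathtt{ff}, \qquad \mathsf{EF}^{L_1}\mathsf{EF}^{L_2}\psi \leftrightarrow \mathsf{EF}^{L_1 L_2}\psi \qquad\text{and}\qquad \bigvee_i \mathsf{EF}^{L_i}\psi \leftrightarrow \mathsf{EF}^{\bigcup_i L_i}\psi$$
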

the formula # can be rewritten as 

EF U '' L '' 1 ''' i ' J '<tt 

where $L_{i,j}$ are DCFLs over $\Sigma_\$$. In general, an equivalence $\mathsf{EF}^{\mathrm{Palindromes}\$}\,\mathtt{tt} \leftrightarrow \mathsf{EF}^{L}\,\mathtt{tt}$ implies

$$\mathrm{Palindromes} = \{w \in \Sigma^* \mid w\$ \text{ is a prefix of a word in } L\}$$

for $L \subseteq \Sigma_\$^*$. Therefore, we have that Palindromes would be expressible as a finite union over a finite
concatenation over DCFLs over $\Sigma$. Some combinatorial argument shows that this is impossible.

Back to the real world, we are also faced with conjunctions and AG-formulas in $\vartheta$. A natural attempt
is to eliminate these subformulas. Indeed, a conjunction seems not to support a statement which speaks
about a single path only. Instead, it speaks about a bunch of paths. Similarly, an AG-formula is not
monotone with respect to models but the reference formula is monotone. To turn off such formulas, one
could saturate the considered structures with substructures which falsify AG-formulas and which do not
affect the desired property $\mathsf{EF}^{\mathrm{Palindromes}\$}\,\mathtt{tt}$. However, on such a new structure, the attached substructures
could be recognized by other EF-subformulas. But these subformulas need not be concerned with
palindromes in any reasonable way. Moreover, Bojańczyk proved — for the dual setting — that such an
elimination procedure is only possible if — in our setting — palindromes were expressible as a finite union
of languages of the form $A_0^* a_1 A_1^* a_2 \cdots A_{n-1}^* a_n A_n^*$ for $a_1, \dots, a_n \in \Sigma$ and $A_0, \dots, A_n \subseteq \Sigma$. Obviously, this is
not the case.

Therefore, our strategy is different. First, we show that topmost AG-formulas and topmost conjunctions
can be eliminated (§6 and §7). This renders the candidate formula $\vartheta$ as $\bigvee_i \mathsf{EF}^{L_i}\psi_i$ for some languages $L_i$
and some formulas $\psi_i$ with unknown structure. Secondly, if $L_i$ is not a singleton language then the
formula $\mathsf{EF}^{L_i}\psi_i$ per se provides all the information required for a contradiction. Either it under- or
over-approximates palindromes. And if $L_i$ is a singleton we proceed in a similar way with the left-quotient of
$\vartheta$ with the only word in $L_i$. The whole procedure (§8) terminates through a sophisticated measure (§5).
The case that $L_i$ is not a singleton gives rise to a characterization of languages which will bridge between
the formula and the language part of the separation proof.

Definition 1. A language $L \subseteq \Sigma^*$ is good iff $L = \bigcup_{i \in I} L_i R_i$ such that $I$ is finite, and for each $i \in I$, the
language $L_i$ is a DCFL, $|L_i| \ge 2$ and $R_i \subseteq \Sigma^*$.

In the view of Bojańczyk's result, our iterated elimination is non-uniform compared to the preferable
approach in the previous paragraph. Finally, we show on the language-theoretical level that palindromes
are not good (§4).
4 On Palindromes and DCFLs

In this section it is proven that the language of palindromes is not good. For this purpose we first show
that this language is not expressible as a union of DCFLs (Theorem 3). Although it is known that the set of
palindromes is not deterministic context-free, the standard proof [10, Cor. 1] does not seem to be adaptable
because the applied min-operator does not commute with the union. As a second step, it is shown that if
palindromes are underapproximated by a concatenation then the components of the concatenation follow
a very simple pattern (Lemma 5).

Lemma 2 (Pumping lemma). Let $u \in \Sigma^\omega$ be accepted by an $\omega$DPDA $\mathcal{A}$. There are words $u_0 \in \Sigma^*$, $u_1 \in \Sigma^+$
and $u_2 \in \Sigma^\omega$ such that $u_0 u_1 u_2 = u$, and $u_0 u_2$ is accepted by $\mathcal{A}$.

Proof. Firstly, we may assume that $\mathcal{A}$ only erases or pushes symbols from or on the stack and never
changes the topmost symbol. Indeed, an $\omega$DPDA can keep the topmost element of the stack in its control
state [15, Sect. 10.1]. By this restriction, in any run the stacks of two consecutive configurations are
comparable with respect to the prefix-order. Secondly, consider the infinitely many stair positions in the
accepting run of $\mathcal{A}$ on $u$. By a stair position [18] we understand a position such that the current stack
content is a prefix of all further stack contents in this run. As the set of states is finite, there are two
different stair positions which name the same state. We may assume that a non-empty part of $u$, say $u_1$
with fits into their gap. Hence, this part can be removed. By the definition of stairs, the
obtained sequence of configurations is a run of $\mathcal{A}$ on $u_0 u_2$. As the modification affects a prefix of $u$ only,
$\mathcal{A}$ also accepts $u_0 u_2$. □

Theorem 3. Let $v \in \Sigma^*$, $n \in \mathbb{N}$, and $L_1, \dots, L_n$ be DCFLs over $\Sigma$. Then $\bigcup_{i=1}^{n} L_i \neq v \backslash \mathrm{Palindromes}$.

Proof. Define the sequence $(w_i)_{i \in \mathbb{N}}$ of strictly prefix-ordered words as follows.

$$w_0 := v^R, \qquad w_{i+1} := w_i\, 1 0^i 1\, w_i^R v^R \quad (i \in \mathbb{N})$$

For all $i \in \mathbb{N}$ we have $w_i \in v \backslash \mathrm{Palindromes}$. For the sake of contradiction, assume that

$$\bigcup_{i=1}^{n} L_i = v \backslash \mathrm{Palindromes}. \tag{2}$$

We sample the candidate on the left of Eq. (2) with the words $\{w_i\}_{i \in \mathbb{N}}$. Since the union is finite, there is
an infinite $I \subseteq \mathbb{N}$ and an $i \in \{1, \dots, n\}$ such that the words $\{w_j\}_{j \in I}$ belong to $L_i$. Let $\mathcal{A}$ be a DPDA for $L_i$.
Additionally, we consider $\mathcal{A}$ as an $\omega$DPDA where the final states are the Büchi-states. Hence, as $\mathcal{A}$ is a
deterministic device it accepts

$$w := \lim_{i \in \mathbb{N}} w_i = \lim_{i \in I} w_i \in \Sigma^\omega. \tag{3}$$

Apply Lemma 2 to $\mathcal{A}$ and $w$. Let $u_0$, $u_1$, $u_2$ be the obtained factors. We run $\mathcal{A}$ on $w$ for at least $|u_0 u_1|$
steps until it processes some subword $1 0^k 1$ for the first time. Note that the function which maps $i \in \mathbb{N}$ to
the first occurrence of $1 0^i 1$ in $w$ is unbounded. Let $\ell$ be the first index in $w$ after that subword. So far,
$\mathcal{A}$ has seen the first $\ell$ letters in $w$. We keep $\mathcal{A}$ running for at least another $\ell + |v|$ steps until it reaches a
final state. Such a run is always possible as $\mathcal{A}$ accepts infinitely many prefixes of $w$. Let $u'$ be the word
constructed in this way. Hence, $u' \in v \backslash \mathrm{Palindromes}$ as $\mathcal{A}$ accepts $u'$.
Let $u''$ be the word $u'$ where the $u_1$-block is removed. That is $u'' := u'[0\,..\,|u_0|-1]\; u'[|u_0 u_1|\,..\,|u'|-1]$.
Again by construction and Lemma 2, $\mathcal{A}$ accepts $u''$. Thus, $u'' \in v \backslash \mathrm{Palindromes}$. Let $\hat{u}$ be the word
between $u_1$ and the block $1 0^k 1$, that is $\hat{u} = w[|u_0 u_1|\,..\,\ell - 3 - k]$. As $vu'$ is a palindrome, it ends in the
word $(v u_0 u_1 \hat{u} 1 0^k 1)^R$ of length $\ell + |v|$. The modification leading to $u''$ affects at most the first $\ell$ positions
only. Hence, as $|u'| \ge 2\ell + |v|$, $u''$ also ends in $(v u_0 u_1 \hat{u} 1 0^k 1)^R$. As $vu''$ is also a palindrome, $u_0 \hat{u} 1 0^k 1$ is a
prefix of $u_0 u_1 \hat{u} 1 0^k 1$. Since $u_1$ is not the empty word, this is a contradiction to the choice of $1 0^k 1$. □

Lemma 4. If $LR \subseteq \mathrm{Palindromes}$ and $R$ is infinite then $L$ is prefix-ordered.

Proof. Let $\ell_0, \ell_1 \in L$ with $|\ell_0| \le |\ell_1|$. Take $r \in R$ such that $|r| \ge |\ell_1|$. This is possible as $R$ is infinite.
Since $\ell_0 r$ and $\ell_1 r$ are palindromes, $\ell_0^R$ and $\ell_1^R$ are suffixes of $r$. Therefore, $\ell_0$ is a prefix of $\ell_1$. □

Lemma 5. Suppose $LR \subseteq \mathrm{Palindromes}$, $|L| \ge 2$ and $R$ is infinite. Then

$$R \subseteq u^* U$$

for some word $u \in \Sigma^*$ and a finite language $U \subseteq \Sigma^*$.

Proof. Let $u_0$, $u_1$ be two distinct words in $L$. By Lemma 4 we may assume that $u_0$ is a proper prefix of
$u_1$. Define $u := u_0 \backslash u_1$. Note that $u_0 u = u_1$.

Claim 5-1. For $w \in R$ and $n \in \mathbb{N}$ we have

(i) $u^n$ is a prefix of $w$, and

(ii) $(u^R)^n u_0^R$ is a suffix of $w$

if $n|u| + |u_0| \le |w|$.

Proof of claim. By induction on $n$ for a fixed $w \in R$. If $n = 0$, $u_0^R$ is a suffix of $w$ as $u_0 w$ is a palindrome.
For the step case from $n$ to $n + 1$ assume that

$$(n+1)|u| + |u_0| \le |w|. \tag{4}$$

The word $v := u_0 u^{n+1} = u_1 u^n$ is a prefix of $u_1 w$ by IH (i). As $u_1 w$ is a palindrome, $v^R$ is a suffix of $w$ because
of (4). This proves the second item. Since $u_0 w$ is also a palindrome, it has $v$ as a prefix. Hence $u^{n+1}$ is a
prefix of $w$ — this is the first item.

Let $w \in R$. For $N_w := \lfloor (|w| - |u_0|)/|u| \rfloor$ the claim yields $w = u^{N_w} w'$ where $w'$ are the $r_w := |w| - N_w|u|$
last letters of $w$. Since $r_w < |u_0| + |u|$ is bounded independently of $w$, there is a finite set $U$ such that
$R \subseteq u^* U$. □



Lemma 6. Let

$$L = \bigcup_{i \in I} u_{i,0}\, u_{i,1}^*\, u_{i,2}^*\, u_{i,3} \tag{5}$$

for $I$ finite and $u_{i,j} \in \Sigma^*$ for all suitable indices. Then there is a word $w \in \Sigma^*$ which is not a prefix of any
word in $L$.

Proof. Consider the tree $\Sigma^\omega$. For each $i \in I$, the word $u_{i,0} u_{i,1}^\omega$ defines a (finite or infinite) path in the tree.
As $I$ is finite, there is a $w_0 \in \Sigma^*$ which is not on these paths. There are at most $|w_0| \cdot |I|$ paths of the form
$u_{i,0} u_{i,1}^j u_{i,2}^\omega$ for $i \in I$ and $j \in \mathbb{N}$ which pass $w_0$. By the same argument, we get a word $w_1$ which extends $w_0$
and cannot be reached by these paths. A final application to $w_1$ and $u_{i,0} u_{i,1}^j u_{i,2}^k u_{i,3}$ for $i \in I$ and $j, k \in \mathbb{N}$
yields the claimed word $w$. □

Corollary 7. The set Palindromes is not good.

Proof. For the sake of contradiction, assume the contrary, that is

$$\mathrm{Palindromes} = \bigcup_{i \in I} L_i R_i \tag{6}$$

where $I$ is finite, and for any $i \in I$ the language $L_i$ is a DCFL, and $|L_i| \ge 2$. Set $I^+ := \{i \in I \mid R_i \text{ is finite}\}$,
and $I^- := I \setminus I^+$. For any $i \in I^+$, we have that $L_i R_i$ is a DCFL [10, Thm. 3.3] as $R_i$ is finite in particular.

Let $i \in I^-$. Since $|L_i| \ge 2$ and $R_i$ is infinite, Lemma 5 shows that $R_i \subseteq r_i^* \hat{R}_i$ for some $r_i \in \Sigma^*$ and for
a finite language $\hat{R}_i \subseteq \Sigma^*$. Depending on the size of $L_i$ we can bound $L_i R_i$. If $L_i$ is infinite then the very
same lemma shows by reversal that $L_i \subseteq \hat{L}_i \ell_i^*$ for some $\ell_i \in \Sigma^*$ and a finite $\hat{L}_i \subseteq \Sigma^*$. Hence,

$$L_i R_i \subseteq \hat{L}_i\, \ell_i^*\, r_i^*\, \hat{R}_i = \bigcup_{x \in \hat{L}_i,\, y \in \hat{R}_i} x\, \ell_i^*\, r_i^*\, y.$$

In the other case — $|L_i|$ is finite — one obtains

$$L_i R_i \subseteq \bigcup_{x \in L_i,\, y \in \hat{R}_i} x\, r_i^*\, y.$$

In both cases, the unions are finite. All in all, we have

$$\bigcup_{i \in I} L_i R_i = \bigcup_{i \in I^+} \underbrace{L_i R_i}_{\text{DCFL}} \cup\; Q'$$

where $Q' \subseteq Q := \bigcup_{i \in I'} u_{i,0}\, u_{i,1}^*\, u_{i,2}^*\, u_{i,3}$ for some finite set $I'$, and some words $u_{i,0}, \dots, u_{i,3} \in \Sigma^*$. By
Lemma 6, there is a finite word $w$ which is not a prefix of any word in $Q$. Using (6), we get

$$w \backslash \mathrm{Palindromes} = \bigcup_{i \in I^+} w \backslash (L_i R_i).$$

The left quotient with a single word $w$ is the inverse of the gsm mapping which sends a word $u$ to $wu$. As
DCFLs are closed under the inverse of gsm mappings [10, Thm. 3.2], the language $w \backslash (L_i R_i)$ is a DCFL for
$i \in I^+$. But this is a contradiction to Theorem 3. □

5 A Measure for the Extraction 

Informally, the measure of a formula is a set of vectors. Each vector measures the languages annotated to 
EF-subformulas along a path from the root of the formula to its atoms. For the measure of a language, the 
size of its only word is considered if the language is a singleton. 
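Definition 8. Let $\mathbb{M}$ be the set of all finite subsets of $(\omega+1)^*$ where $\omega + 1 = \{0, 1, 2, \dots, \omega\}$. The second
argument of the cons-operator $\cdot :: \cdot$ on $(\omega+1)^*$ is extended to sets. The empty list is written as nil. The
measure of a formula is defined by

$$\begin{aligned}
\mu(\ell) &:= \{\mathrm{nil}\} && \text{for } \ell \text{ a literal or a constant}\\
\mu(\varphi_0 \circ \varphi_1) &:= \mu(\varphi_0) \cup \mu(\varphi_1) && \text{for } \circ \in \{\wedge, \vee\}\\
\mu(Q^L \varphi) &:= \|L\| :: \mu(\varphi) && \text{for } Q \in \{\mathsf{EF}, \mathsf{AG}\}
\end{aligned}$$

where

$$\|L\| := \begin{cases} |w| & \text{if } L = \{w\} \text{ for some } w \in \Sigma^*,\\ \omega & \text{otherwise.} \end{cases}$$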

Lemma 9. The lexicographic order [4, Sect. 2.4], $>_{lex}$, on $(\omega+1)^*$ is defined by

$(\omega+1)^n \ni (u_1, \dots, u_n) >_{lex} (v_1, \dots, v_m) \in (\omega+1)^m$

iff n > mV (n = m A3k < n.u^ = A V/ < k.Ui > v,-), where $>$ is the natural order on $\omega + 1$, that is
$\omega > \dots > 1 > 0$.

Definition 10. The binary relation $>_{\mathbb{M}}$ on $\mathbb{M}$ is defined as follows.
$M >_{\mathbb{M}} N$ iff there are $X, Y \in \mathbb{M}$ such that $\emptyset \neq X \subseteq M$,
$N = (M \setminus X) \cup Y$, and $\forall y \in Y\, \exists x \in X.\ x >_{lex} y$.

Lemma 11. The relation $>_{\mathbb{M}}$ is a strict and terminating order.

Proof. We follow Baader and Nipkow [4]. The natural order on $\omega + 1$ is strict and terminating. Hence,
so is $>_{lex}$ [4, Lemma 2.4.3]. Therefore, the multiset order on $(\omega+1)^*$ is also strict and terminating
[4, Lemma 2.5.4 and Theorem 2.5.5]. Due to the natural embedding of $\mathbb{M}$ into the set of finite multisets on
$(\omega+1)^*$, the relation $>_{\mathbb{M}}$ is dominated by the multiset order. Hence $>_{\mathbb{M}}$ is terminating. Thanks to the
same embedding, $>_{\mathbb{M}}$ is a strict order. □

We write $\ge_{\mathbb{M}}$ for the reflexive closure of $>_{\mathbb{M}}$. Similarly, $<_{\mathbb{M}}$ and $\le_{\mathbb{M}}$ are meant.
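
An added example (not from the paper): Definitions 8 and 10 as executable Python, with ω represented by math.inf, languages given either as finite Python sets or by the constructed marker ANY for a language that is not a singleton, and the lexicographic order taken as length-first comparison followed by the usual position-wise one. The tuple encoding of formulas and all names are assumptions of this example.

```python
import math
from itertools import combinations

OMEGA = math.inf   # the top element ω of ω + 1
ANY = None         # constructed marker: a language that is not a singleton

def norm(L):
    """||L||: the length of the only word of a singleton language, ω otherwise."""
    return len(next(iter(L))) if L is not ANY and len(L) == 1 else OMEGA

def mu(f):
    """Measure of a formula: a finite set of vectors over ω + 1 (Definition 8)."""
    op = f[0]
    if op in ("tt", "ff", "p", "np"):          # constants and literals: {nil}
        return frozenset({()})
    if op in ("and", "or"):                    # Boolean connectives: union
        return mu(f[1]) | mu(f[2])
    if op in ("EF", "AG"):                     # cons ||L|| onto every vector
        return frozenset((norm(f[1]),) + v for v in mu(f[2]))
    raise ValueError(f"unknown operator {op!r}")

def lex_gt(u, v):
    """Longer vectors dominate; equal lengths are compared position-wise."""
    return len(u) > len(v) or (len(u) == len(v) and u > v)

def gt_M(M, N):
    """M >_M N: replace a non-empty X of M by vectors Y that X dominates.
    The smallest admissible Y is N minus (M minus X), so only that Y is checked."""
    M, N = frozenset(M), frozenset(N)
    for r in range(1, len(M) + 1):
        for X in map(frozenset, combinations(M, r)):
            rest = M - X
            if rest <= N and all(any(lex_gt(x, y) for x in X) for y in N - rest):
                return True
    return False

# Constructed sample: splitting EF^{L0} psi into EF^{L1} psi or EF^{L2} tt,
# with L0 and L2 not singletons and L1 = {"01"}.
PSI = ("EF", ANY, ("tt",))
BEFORE = ("EF", ANY, PSI)
AFTER = ("or", ("EF", {"01"}, PSI), ("EF", ANY, ("tt",)))

if __name__ == "__main__":
    print(sorted(mu(BEFORE)), sorted(mu(AFTER), key=len))
    print(gt_M(mu(BEFORE), mu(AFTER)), gt_M(mu(AFTER), mu(BEFORE)))
```

The subset search in gt_M is exponential in the size of M, which is acceptable for the handful of vectors a hand-written formula produces.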



6 $\varepsilon$-Free Formulas

Formulas like $\mathsf{EF}^L\psi$ and $\mathsf{AG}^L\psi$ can speak about the current state if $\varepsilon \in L$. We intend to combine structures
at their roots — in the proof to Thm. 17 and 18 — , such that formulas should not realize this modification.
Nonetheless, formulas can be transformed accordingly.

Definition 12. The property being $\varepsilon$-free is inductively defined on PDL$_0$[·]-formulas.

(i) Any literal is $\varepsilon$-free.

(ii) A conjunction and a disjunction is $\varepsilon$-free if both conjuncts or both disjuncts, respectively, are $\varepsilon$-free.

(iii) $\mathsf{EF}^L\varphi$ and $\mathsf{AG}^L\varphi$ are $\varepsilon$-free iff $\varepsilon \notin L$ and $\varphi$ is $\varepsilon$-free.

Definition 13. The function is defined on PDL$_0$[·]-formulas



<po o (p * 



GV 



ife<£L 

otherwise ifQ = EF 
k A g L \{e} otherwise if Q = AG 



where I literal or a constant 
foro G {A, V} 

for Q G {EF, AG} 
Lemma 14. For every PDL$_0$[·]-formula $\varphi$ we have,

(i) $\varphi$ and $\varphi^*$ are equivalent,

(ii) $\varphi^*$ is $\varepsilon$-free, and

(iii) $\mu(\varphi^*) \le_{\mathbb{M}} \mu(\varphi)$.

Proof. Each item can be proven by induction on (p. We detail on the last item for the second case of 
<2V- AsthelH yields /x(^) < M n(<P), we have n(<p*) <MAt(<2 A{e V) <m At(<2 A{e} <7>) <M^(Q L (p)- 
Hence, the claim follows by pt((p^ V Q L \ {e} <p*0 <M i u(G A{e} <P 9 ')- □ 



7 Elimination of Outermost AG-Formulas and Conjunctions

Although it is impossible to eliminate conjuncts and AG-formulas in general, the topmost ones can be
removed (Thm. 17 and 18). Hence, if $\vartheta$ is equivalent to $\mathsf{EF}^L\,\mathtt{tt}$ for some language $L$ then $\vartheta$ can be
rearranged to a disjunction of EF-formulas only. However, these EF-formulas might contain conjunctions
and AG-formulas in turn.

Definition 15. A formula $\vartheta$ is in disjunctive normal form (DNF for short) iff it has the shape

V A «'J A A %i 

iel \je4 jeJf 

where I, jf and Jf are finite sets, OC,-j is an e-free AG-formula, and e, j is an e-free EF '-formula (for all 
suitable indices). The completion of # is 

V V f\^' 

hAi"-^ 

where *P:={e;j' | i G I,j £ Jf}. A formula $\vartheta'$ is complete iff it is $\vartheta^*$ for some $\vartheta$. The term "DNF" and
"complete" shall be applied up to associativity and commutativity of the Boolean connectives.²

Lemma 16. For any $\varepsilon$-free formula $\vartheta$ we have

(i) an equivalent formula $\vartheta'$ in DNF such that $\mu(\vartheta') \le_{\mathbb{M}} \mu(\vartheta)$, and

(ii) that $\vartheta^*$ is a DNF, $\vartheta^*$ and $\vartheta$ are equivalent, and $\mu(\vartheta^*) \le_{\mathbb{M}} \mu(\vartheta)$.

Proof. To get a DNF, the distributive law is applied where AG- and EF-formulas are taken as atoms. This
application might rearrange (positive) Boolean connectives and might duplicate atoms. However, the
measure is defined in terms of unions for these cases.

For the second item, the implication to $\vartheta$ follows from the definition of the additional disjuncts. The
other direction is weakening. As the additional terms are built only of top-level EF-formulas in $\vartheta$, their
measure is already subsumed in $\mu(\vartheta)$. Note that $\mu$ is just the union in the case of the (positive) Boolean
connectives. □

2 Note that this is well-defined when the measure $\mu$ is taken.
For two structures $\mathcal{M}_1$ and $\mathcal{M}_2$ we define $\mathcal{M}_1 \oplus \mathcal{M}_2$ as the disjoint sum of both structures but with the
root shared. The evaluation of the root is fixed as $\mathrm{Prop} = \emptyset$ for our purposes. The notation is extended to
sequences of structures, say $(\mathcal{M}_i)_{i \in I}$, in the usual way, written as $\bigoplus_{i \in I} \mathcal{M}_i$.

A formula $\psi$ is structurally monotone iff for any model of $\psi$ any of its extensions is also a model of $\psi$.
An example is $\mathsf{EF}^L\,\mathtt{tt}$ for any language $L$.

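Theorem 17 (Elimination of AG-formulas). Let

$$\psi := \bigvee_{i \in I} \underbrace{\Bigl(\alpha_i \wedge \bigwedge_{j \in J_i} \epsilon_{i,j}\Bigr)}_{=:\,T_i} \tag{7}$$

be complete where $I$, $J_i$ are finite, each $\alpha_i$ is a (possibly empty) conjunction of $\varepsilon$-free AG-formulas, and
each $\epsilon_{i,j}$ is an $\varepsilon$-free EF-formula. If $\psi$ is structurally monotone, then $\psi$ is equivalent to

$$\psi' := \bigvee_{i \in I} \bigwedge_{j \in J_i} \epsilon_{i,j}. \tag{8}$$

Note that $\mu(\psi') \le_{\mathbb{M}} \mu(\psi)$.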

Proof. |= — > ¥ i s obvious. As the considered logic is closed under bisimulation, we consider tree-like 
structures in the following only. For the other direction, let ^ be a model of \\f. We have to show that 
jft is also a model of Y '■ If there is an i G / such that |= a,- and ^ |= T, then jft |= T- and we are done. 
Otherwise, there is an io G / such that Y= a !o and ^ |= AjeJ iQ £ ' j> as ^ l = V- F° r i G / define 

jf:={jeJi\^\=eij}, and (9) 
jr-.= J i \J+. (10) 



There are are two cases. Either 



is a tautology or not. If ( 1 1 1 is a tautology then so is 



AAdj^Y (12) 

as a simple case distinction on ( fTT| ) shows. Indeed, let ^# be a model of the left side of ( fT2"] ). Then there is 
an / G / such that ^ \= a,- A Aygjr £ i',;- Both together lead to M |= a,- A Aye/j %j an ^ finally to |= y. 
Hence, the left hand side of ( [121 ) is a term in y as the latter is complete. But, by definition, this term is 
modeled by 



Otherwise (fTT} is not a tautology. So there is a structure jtft' with 



/NiAA^j (13) 
for all i G /. We will exclude this situation. As /r = we have jtft' ^= ce,- in particular. Now let
:= We claim that y= y which is a contradiction to the assumption that y is structurally 

monotone. For the sake of contradiction, suppose that there is an i G / such that \= T,-. Among the 
EF-formulas only those indexed by are already fulfilled in ./#. Hence, a,- A A/e/r e iJ must be satisfied 
by This is a contradiction to the choice of Note that we used implicitly that EF-formulas are 
£-free. □ 

The theorem requires a syntactical presence of formulas called $\alpha_i$. Note that minor changes make the
proof also work if not all such parts are present. On the other hand, inserting such an empty conjunction
does not increase the measure as atoms — such as tt — have the lowest measure anyway.

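Theorem 18 (Elimination of $\bigwedge$EF-formulas). Suppose

$$\mathsf{EF}^{L}\,\mathtt{tt} \equiv \delta \vee \bigwedge_{i \in I} \mathsf{EF}^{L_i}\psi_i \tag{14}$$

where $\varepsilon \notin L_i$ for all $i \in I$. If $I \neq \emptyset$ then there is an $i \in I$ such that

$$\mathsf{EF}^{L}\,\mathtt{tt} \equiv \delta \vee \mathsf{EF}^{L_i}\psi_i. \tag{15}$$

Note that the measure of (15$_r$) is bounded by that of (14$_r$), trivially.

Proof. For any $i \in I$, (14$_r$) implies (15$_r$). If there is an $i \in I$ with $\models \mathsf{EF}^{L_i}\psi_i \to \mathsf{EF}^{L}\,\mathtt{tt}$, this $i$ suffices for
the other direction. To exclude the other case, assume that we have tree-like structures $\mathcal{M}_i$ for all $i \in I$
such that

(i) $\mathcal{M}_i \models \mathsf{EF}^{L_i}\psi_i$ but

(ii) $\mathcal{M}_i \not\models \mathsf{EF}^{L}\,\mathtt{tt}$.

Let $w_i \in L_i$ be the witness for the first item. Set $\mathcal{M} := \bigoplus_{i \in I} \mathcal{M}_i$. The root of $\mathcal{M}$ might satisfy different
formulas than the root of $\mathcal{M}_i$, but this change is invisible to $\mathsf{EF}^{L_i}\psi_i$ since $|w_i| > 0$. Hence, $\mathcal{M} \models \mathsf{EF}^{L_i}\psi_i$.
For the sake of a contradiction, assume that $\mathcal{M} \models \mathsf{EF}^{L}\,\mathtt{tt}$. This property depends only on a path in $\mathcal{M}$.
The path is inherited from some $\mathcal{M}_i$ for $i \in I$. Since $\mathsf{EF}^{L}\,\mathtt{tt}$ does not depend on the evaluation of the
root, $\mathcal{M}_i \models \mathsf{EF}^{L}\,\mathtt{tt}$ which is a contradiction to the second property of $\mathcal{M}_i$. Therefore, $\mathcal{M} \not\models \mathsf{EF}^{L}\,\mathtt{tt}$. By
construction we have $\mathcal{M} \models \bigwedge_{i \in I} \mathsf{EF}^{L_i}\psi_i$ but $\mathcal{M} \not\models \mathsf{EF}^{L}\,\mathtt{tt}$. This property contradicts (14). □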



8 Extraction

In the proof of Theorem 22 we apply previous elimination techniques to show that the candidate formula
is equivalent to $\bigvee_i \mathsf{EF}^{L_i}\psi_i$. In the case that $L_i$ is not a singleton set, we cannot decompose $\psi_i$ any further.
Indeed, the proof relies on the property $w(w \backslash L) \subseteq L$ for any language $L$ and word $w$. However, this
inequality is false when $w$ is replaced by a non-singleton language. Nevertheless if the term $\mathsf{EF}^{L_i}\psi_i$ accepts
a linear structure then the term factorises the word on the structure. The left factor is $L_i$, surely, and the
right one can be read off as follows.

Definition 19. Let $\varphi$ be a PDL$_0$[·]-formula. Its language is $\mathcal{L}(\varphi) := \{w \in \Sigma^* \mid \pi_{w\$} \models \varphi\}$ where $\pi_{a_1 \dots a_n}$
is a path labeled with $a_1$ to $a_n$ for $a_1, \dots, a_n \in \Sigma$. The node reached after $n$ steps has no successor. In each
node, no proposition holds.

Lemma 20. $\mathcal{L}(\mathsf{EF}^{L\$}\,\mathtt{tt}) = L$ for any $L \subseteq \Sigma^*$.

Proof. Let $w \in \mathcal{L}(\mathsf{EF}^{L\$}\,\mathtt{tt})$. By definition, we have $\pi_{w\$} \models \mathsf{EF}^{L\$}\,\mathtt{tt}$. Hence there is a word $w' \in L$ such that
$\pi_{w\$} \models \mathsf{EF}^{w'\$}\,\mathtt{tt}$. As $w, w' \in \Sigma^*$ and $\$ \notin \Sigma$, we have $w' = w$. For the converse, let $w \in L$, then $\pi_{w\$} \models \mathsf{EF}^{L\$}\,\mathtt{tt}$.
Hence $w \in \mathcal{L}(\mathsf{EF}^{L\$}\,\mathtt{tt})$. □
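
An added example (not part of the paper): a small Python evaluator for the semantics of the EF and AG operators from Section 2, restricted to finite acyclic structures so that all paths can be enumerated, and used to compute the language of Definition 19 for the reference formula on all words over {0, 1} up to a length bound. The tuple encoding of formulas, the encoding of languages as membership predicates, and all names are assumptions of this example.

```python
from itertools import product

TT = ("tt",)

def paths(lts, s, word=""):
    """Yield (word, end state) for every finite path from s, the empty path included.
    Terminates only on acyclic structures (assumption of this example)."""
    yield word, s
    for a, t in lts.get(s, ()):
        yield from paths(lts, t, word + a)

def holds(lts, labels, s, f):
    """Decide whether state s of the structure satisfies f (negation normal form)."""
    op = f[0]
    if op == "tt":
        return True
    if op == "ff":
        return False
    if op == "p":
        return f[1] in labels.get(s, set())
    if op == "np":
        return f[1] not in labels.get(s, set())
    if op == "or":
        return holds(lts, labels, s, f[1]) or holds(lts, labels, s, f[2])
    if op == "and":
        return holds(lts, labels, s, f[1]) and holds(lts, labels, s, f[2])
    if op == "EF":   # some path labelled with a word of L ends in a state satisfying f[2]
        return any(f[1](w) and holds(lts, labels, t, f[2]) for w, t in paths(lts, s))
    if op == "AG":   # every path labelled with a word of L ends in such a state
        return all(not f[1](w) or holds(lts, labels, t, f[2]) for w, t in paths(lts, s))
    raise ValueError(f"unknown operator {op!r}")

def pal_dollar(w):
    """Membership in Palindromes$ over an alphabet that does not contain '$'."""
    body = w[:-1]
    return w.endswith("$") and "$" not in body and body == body[::-1]

def linear(word):
    """The linear structure for a word: states 0..len(word), no propositions, root 0."""
    return {i: [(a, i + 1)] for i, a in enumerate(word)}

def language_of(f, alphabet, max_len):
    """All words w up to max_len whose linear structure for w$ satisfies f."""
    words = ("".join(t) for n in range(max_len + 1) for t in product(alphabet, repeat=n))
    return {w for w in words if holds(linear(w + "$"), {}, 0, f)}

# Constructed sample: RIGHT_ONLY spells 10$; TREE extends it by a branch spelling 010$.
RIGHT_ONLY = {0: [("1", 5)], 5: [("0", 6)], 6: [("$", 7)]}
TREE = {0: [("0", 1), ("1", 5)], 1: [("1", 2)], 2: [("0", 3)], 3: [("$", 4)],
        5: [("0", 6)], 6: [("$", 7)]}

if __name__ == "__main__":
    ref = ("EF", pal_dollar, TT)
    print(holds(RIGHT_ONLY, {}, 0, ref), holds(TREE, {}, 0, ref))
    print(sorted(language_of(ref, "01", 3)))
```

On cyclic structures the path enumeration does not terminate; a bound on the path length would be needed there.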

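Lemma 21. Let $L_0 \subseteq \Sigma_\$^*$, $L \subseteq \Sigma^*$, let $\delta$ be a formula, and let $\psi$ be a satisfiable formula. Suppose

$$\mathsf{EF}^{L\$}\,\mathtt{tt} \equiv \delta \vee \mathsf{EF}^{L_0}\psi. \tag{16}$$

Define $L_1 := L_0 \cap \Sigma^*$ and $L_2 := \{w \in \Sigma^*\$ \mid w \text{ is a prefix of a word in } L_0\}$. Then

$$\delta \vee \mathsf{EF}^{L_0}\psi \equiv \delta \vee \mathsf{EF}^{L_1}\psi \vee \mathsf{EF}^{L_2}\,\mathtt{tt}. \tag{17}$$

Additionally, the measure of (17$_r$) is weakly bounded by that of (17$_l$).

Proof. Case $\to$: Note that $\models \mathsf{EF}^{L_0}\psi \to \mathsf{EF}^{L_1}\psi \vee \mathsf{EF}^{L_2}\,\mathtt{tt}$ since for every word $w \in L_0 \setminus L_1$ there is a
prefix of $w$ in $L_2$. Case $\leftarrow$: Since $L_1 \subseteq L_0$, $\models \mathsf{EF}^{L_1}\psi \to \mathsf{EF}^{L_0}\psi$ holds. So, we assume a model $\mathcal{M}$ of
$\mathsf{EF}^{L_2}\,\mathtt{tt}$. Hence there is a path $\pi$ in $\mathcal{M}$ labeled with a word $u\$ \in L_2$. Let $v \in \Sigma_\$^*$ such that $u\$v \in L_0$. At the
end of the path, we attach a path labeled with $v$ and on that one a model of $\psi$ — note that $\psi$ is assumed to
be satisfiable. The new structure, say $\mathcal{M}'$, is a model of $\mathsf{EF}^{L_0}\psi$, and also, by (16), of $\mathsf{EF}^{L\$}\,\mathtt{tt}$.

All (rooted) finite paths in $\mathcal{M}'$ which do not yet occur in $\mathcal{M}$ pass the labels $u\$$. For the sake of
contradiction, assume that $\mathcal{M}$ is not a model of $\mathsf{EF}^{L\$}\,\mathtt{tt}$. Hence $u\$$ is a prefix of a word in $L\$$. So, $u \in L$
because $L \subseteq \Sigma^*$. Contradiction.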

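And as for the measure, 

$\mu(\mathrm{EF}^{L_1}\psi) = \|L_1\| :: \mu(\psi) \le_M \|L_0\| :: \mu(\psi) = \mu(\mathrm{EF}^{L_0}\psi)$ and 
$\mu(\mathrm{EF}^{L_2}\,\mathrm{tt}) = \|L_2\| \le_M \|L_0\| \le_M$ INI 

hold, and imply $\mu(\mathrm{EF}^{L_1}\psi \vee \mathrm{EF}^{L_2}\,\mathrm{tt}) \le_M \mu(\mathrm{EF}^{L_0}\psi)$. □ 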

Two remarks on the previous lemma: (1) If $\varepsilon \notin L_0$ then it is neither in $L_1$ nor in $L_2$, but $\$ \in L_2$ might be. 
(2) If $L_0$ is a DCFL then so are $L_1$ and $L_2$. 

Theorem 22. Let $P \subseteq \Sigma^*$, and let $\varphi$ be a PDL$_0$[DCFL]-formula over $\Sigma_\$$. If $\varphi \equiv \mathrm{EF}^{P\$}\,\mathrm{tt}$ then $P$ is good. 

Proof. We apply to $\varphi$ several transformations in sequence. Each transformation leads to a formula which 
is equivalent to $\varphi$ and whose measure is weakly bounded by $\mu(\varphi)$ from above. The transformations are 
the following ones. 



• Make the formula $\varepsilon$-free by Definition 13 and Lemma 14. 

• Transform it into a DNF and complete the formula: Definition 15 and Lemma 16. 

• Eliminate the outermost AG-quantifiers using Theorem 17. 

• Apply Theorem 18 to each term of the DNF gotten from the previous transformation. Note that the 
applied formula is still $\varepsilon$-free. 

• Apply Lemma 21 and its remarks to the outermost EF-formulas. 



Finally, we obtain a formula 

$\varphi' := \bigvee_{i \in I} \mathrm{EF}^{L_i}\psi_i \equiv \varphi$ (18) 



such that $\mu(\varphi') \le_M \mu(\varphi)$ holds. In addition, $I$ is finite and for each $i \in I$ we have that 

• $L_i \subseteq \Sigma^+$, or $L_i \subseteq \Sigma^*\$$ and $\psi_i = \mathrm{tt}$, 

• $L_i \neq \emptyset$, and 

• $L_i$ is a DCFL. 

If $L_i \subseteq \Sigma^+$ then set $L'_i := L_i$ and $R_i := \mathcal{L}(\psi_i)$, and else, $L'_i := L_i/\$$ and $R_i := \{\varepsilon\}$. Note that $L'_i$ is DCFL in 
any case. 

Claim 22-2. $\mathcal{L}(\varphi') = \bigcup_{i \in I}(L'_i R_i)$. 

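Proof of claim. ⊆: Let $w \in \mathcal{L}(\varphi')$. By (18), $\pi_{w\$} \models \bigvee_{i \in I} \mathrm{EF}^{L_i}\psi_i$. By case distinction and by using that \$ is 
not part of $w$, we have $w \in \bigcup_{i \in I}(L'_i R_i)$. ⊇: Let $w \in \bigcup_{i \in I}(L'_i R_i)$. We have to show that $\pi_{w\$} \models \bigvee_{i \in I} \mathrm{EF}^{L_i}\psi_i$. 
There are two cases. First, if $w \in L'_i R_i$ for some $i \in I$ with $L_i \subseteq \Sigma^*\$$, then $\psi_i = \mathrm{tt}$. Hence $\pi_{w\$} \models \mathrm{EF}^{L_i}\psi_i$. 
Second, if $w \in L'_i R_i$ for some $i \in I$ with $L_i \subseteq \Sigma^+$, then $w = uv$ with $u \in L_i$ and $v \in R_i$. So, $\pi_{v\$} \models \psi_i$ and 
thus $\pi_{w\$} \models \mathrm{EF}^{L_i}\psi_i$. 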

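Thus, $\mathcal{L}(\varphi')$ is almost good. We have to exclude that there is an $i \in I$ with $|L_i| = 1$. Let $I^+ := \{i \in I \mid |L_i| > 1\}$, 
$I^- := \{i \in I \mid |L_i| = 1\}$, and $I^-_a := \{i \in I \mid a \text{ is a prefix of the sole word in } L_i\}$ for $a \in \Sigma$. Let 
$\Sigma^- := \{a \in \Sigma \mid I^-_a \neq \emptyset\}$. Note that $I = I^+ \cup I^-$ and that $\{I^-_a\}_{a \in \Sigma^-}$ forms a partitioning of $I^-$. For $a \in \Sigma^-$, 
set 

$\varphi_a := \bigvee_{i \in I^+} \mathrm{EF}^{a\backslash L_i}\psi_i \vee \bigvee_{i \in I^-_a} \mathrm{EF}^{a\backslash L_i}\psi_i$. 

As $a\backslash L_i = \emptyset$ for all $i \in I^-_b$ for $b \neq a$, the formula $\varphi_a$ is equivalent to $\mathrm{EF}^{a\backslash P\$}\,\mathrm{tt}$. To apply the IH for 
$a \in \Sigma^-$, we have to ensure that $\mu(\varphi_a) <_M \mu(\varphi')$. Indeed, $\mu(\mathrm{EF}^{a\backslash L_i}\psi_i) <_M \mu(\mathrm{EF}^{L_i}\psi_i)$ for $i \in I^+$, and 
$\mu(\mathrm{EF}^{a\backslash L_i}\psi_i) <_M \mu(\mathrm{EF}^{L_i}\psi_i)$ for $i \in I^-_a \neq \emptyset$. All in all, $\mu(\varphi_a) <_M \mu(\varphi') \le_M \mu(\varphi)$ holds. We use the 
outcome of the IHs to replace the contributions of $I^-$ to $\mathcal{L}(\varphi')$ by good languages. 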



P 



(by Lemma 20 1 



(by Claim 22-2 1 



iel 



U {L)Ri)yj |J a [ |J a\Z.J*j U |J a\L^ 



U(^/?,)U |J aJ§f(<p fl ) 



(by IH) 



Also by IH, $\mathcal{L}(\varphi_a)$ is good. So, $\mathcal{L}(\varphi')$ is also good using the definition of $I^+$. □ 

Corollary 23. Let $\varphi \in$ PDL$_0$[DCFL]. If $\varphi \equiv \mathrm{EF}^{\mathrm{Palindromes}\$}\,\mathrm{tt}$ then the language Palindromes is good. 

Proof. By Theorem 22 and Lemma 20. □ 

Corollary 24. PDL$_0$[DCFL] < PDL$_0$[CFL]. 

Proof. By Corollaries 23 and 7. □ 

9 Conclusion and Further Work 

We proved that PDL$_0$[DCFL] is distinct from PDL$_0$[CFL] by means of model and language theory. Similar 
results, such as CTL vs. Fairness O, PDL$_0$ vs. PDL Q, and unary CTL vs. unary CTL$^+$ [7], use two 
sequences of transition systems which are indistinguishable for the smaller logic. Their proofs are pretty 
compact. So, is it possible to reformulate our proof in a similar way? The main difficulty should be the 
incorporation of Theorem 3 into transition systems. 

The considered logic is exactly the EF-/AG-fragment of the Extended Computation Tree Logic 0, 
say CTL[£]. This observation poses at least two questions. First, is it possible to extend the separation 
from the unary fragment to the binary EU-/AR-fragment? Here, the main challenge is the interpretation of 
E(y/i try/2) in the sense of Definition 19 as Xjfi could prohibit linear models: take E((p A (EF l -i^))U l va 2 ) 
for instance. Secondly, one could go from one of these fragments to the whole logic to obtain a separation 
of CTL[DCFL] and CTL[CFL]. In addition to the mentioned difficulties, one is faced with the alternating 
quantifiers EG and AF. To achieve such a goal, note that Theorems 17 and 18 also hold for arbitrary 
path quantifications as long as $\varepsilon$-freedom is guaranteed. An iteration of these tools along a given $\omega$-word 
could unravel an $\omega$-sequence of disjunctions of E-formulas. Such a sequence could be a subject for a 
pumping lemma similar to Lemma 2. The $\omega$-word could follow the lines of Theorem 3. 

Finally, a separation of the full PDL (i.e. with tests) and of the A- variants of PDL ||2T1[T71 could provide 
more insight into the difference between the non-determinism in CFLs and the non-determinism used in 
the translation of formulas into automata. 